Intel unveils the 8th Gen Intel Core processor family and launches the first of the family on Monday, Aug. 21, 2017. The 8th Gen Intel Core processors are designed for what’s next and deliver up to 40% gen over gen performance boost. (Credit: Intel Corporation)

Foreshadow flaw

But now a group of researchers from five academic institutions has discovered that the most secure area of Intel chips is not as secure as it should be.

This secure area is the Software Guard Extensions (SGX) feature. Essentially, it allows programs to create secure enclaves on Intel processors. An enclave is a region on the Intel processor that can be sectioned off to run code that the computer’s operating system can’t access or change. Basically, it is a safe haven for sensitive data or code that is supposed to be secure, even if the computer or server itself is compromised by malware.

“The original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory,” said the researchers.

When the researchers discovered the flaw, they alerted Intel in early January. Intel then identified two closely related variants, potentially affecting additional microprocessors, SMM code, operating system and hypervisor software.

And Intel admits the flaw is very serious, as the Foreshadow bugs can allow malicious applications “to infer the values of data in the operating system memory, or data from other applications.”

Intel also said a malicious guest virtual machine (VM) may be able to infer the values of data in the VMM’s memory, or values of data in the memory of other guest VMs; malicious software running outside of SMM may be able to infer values of data in SMM memory; and finally malicious software running outside of an Intel SGX enclave or within an enclave may be able to infer data from within another Intel SGX enclave.

Intel has released new microcode for many of the processors affected, and patches are included in Microsoft’s latest Patch Tuesday security update.

Cloud warning

One expert highlighted the threat this type of flaw poses to cloud service providers.

“Cloud providers of virtual servers are more susceptible than on-premises networks in this instance because that’s the most likely place you’d have one physical server housing dozens of virtual machines run by different companies,” explained Ken Spinner, VP of field engineering at Varonis.

“If the vulnerability could be successfully exploited, attackers could hit the jackpot,” said Spinner. “However, a data centre could hold literally hundreds of thousands of servers and potentially millions of VMs. Hackers would be conducting an unfocused attack, rather than focusing on exploiting a target organisation. It would be a shot in the dark.”

“These vulnerabilities are the latest in a long line of exploits,” he concluded. “While the approaches change, the goal often stays the same – to grab your company’s data. To complicate matters, most companies are dealing with hybrid data stores with some of their data on-premises and some in the cloud, which creates challenges and potential risk from a security and data governance standpoint. Never assume your data is safe in the cloud.”